“Protecting the privacy of online consumers is a serious law enforcement matter,” said Attorney General Harris, who previously forged an agreement with seven leading mobile and social app platforms – Amazon, Apple, Facebook, Google, Hewlett-Packard, Microsoft, and Research in Motion – to improve privacy protections for users of apps on smartphones, tablets, and electronic devices. “We have worked hard to ensure that app developers are aware of their legal obligations to respect the privacy of Californians, but it is critical that we take all necessary steps to enforce California’s privacy laws.”

The California Online Privacy Protection Act of 2003, which is enforced by the Privacy Enforcement and Protection Unit, requires commercial operators of online services including mobile apps which collect personally identifiable information from Californians to conspicuously post a privacy policy detailing how companies collect, use, and share personal information of users. The agreement allows consumers the opportunity to review an app’s privacy policy before they download the app rather than after, and offers consumers a consistent location for an app’s privacy policy on the application-download screen in the platform store. Companies can face fines of up to $2,500 each time a non-compliant app is downloaded.

California also recently passed what appears to be the first law in the nation to address the practice of “offshoring” of personally identifiable information – or “PII” – of American consumers collected for background checks outside of the country and beyond the reach of U.S. privacy laws. Senate Bill 909 (SB 909), which took effect January 1, 2012, does not prohibit or regulate offshoring, but amends the California Investigative Consumer Reporting Agencies Act (ICRA) that regulates background checks in California to require that background check firms doing business in the state disclose in their privacy policies whether a consumer’s PII will be sent outside the country. SB 909 also requires employers to place the privacy policy of their screening firm on the authorization and disclosure form needed for a background check and provides for damages if consumers are harmed by offshoring.

To alert employers and job seekers about the potential dangers caused by background check firms offshoring PII, a group of more than 170 like-minded Consumer Reporting Agencies formed the industry group ‘ConcernedCRAs’ that endorses and subscribes to a set of standards that opposes the processing of consumer reports outside of the United States. As a member of ConcernedCRAs, Employment Screening Resources (ESR) does not offshore PII and all processing and preparation of background checks are performed exclusively in the United States, with the only exception being international verification using information outside the country. ESR was also the third background screening firm in the U.S. to become “Safe Harbor” Certified for data privacy protection.